Multiple scan results can now be aggregated and exported into a single report. You can select which scan results to include in the report, from both Vulnerability and Discovery scans.
You can now configure email notifications for when a scan matches certain conditions (is Finished, found High Risk, discovered some open port, etc.). These notification filters also apply to Scheduled scans.
We have added the option to automatically group similar findings (obtained by multiple scans against the same target), which makes the Findings view cleaner and easier to manage.
Now you can increase the security of your account with Two-Factor Authentication (2FA). Use your mobile device with any authenticator app to log in with the second factor.
Besides VMware, you can now also download the VPN Agent in Hyper-V format, for use with the Microsoft virtualization solution.
Each finding/vulnerability produced by a scanner now has a unique identifier. This can be used to easily compare scan results programmatically (exported as JSON or via API). These identifiers (vuln_id) look like: WEBSCAN-00-0000012 or NETSCAN-01-0002349.
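As an added illustration (not code from the platform or its documentation), the sketch below compares two JSON exports of the same target by vuln_id and reports which findings are new, which are no longer reported, and which changed risk level. Only the vuln_id field and its two sample values come from the entry above; the "findings", "name" and "risk" keys, the identifier pattern and the other sample values are assumptions constructed for the example.

```python
import json
import re

# Assumed id shape, inferred from the two samples in the changelog entry.
VULN_ID_RE = re.compile(r"^[A-Z]+-\d{2}-\d{7}$")

# Constructed sample exports of one target. Only "vuln_id" is from the changelog;
# the "findings", "name" and "risk" keys are assumptions about the JSON layout.
BASELINE = json.loads("""{"findings": [
  {"vuln_id": "WEBSCAN-00-0000012", "name": "Missing security header", "risk": "Low"},
  {"vuln_id": "NETSCAN-01-0002349", "name": "Outdated SSH server", "risk": "Medium"},
  {"vuln_id": "WEBSCAN-00-0000031", "name": "Directory listing enabled", "risk": "Medium"}
]}""")
CURRENT = json.loads("""{"findings": [
  {"vuln_id": "WEBSCAN-00-0000012", "name": "Missing security header", "risk": "Low"},
  {"vuln_id": "NETSCAN-01-0002349", "name": "Outdated SSH server", "risk": "High"},
  {"vuln_id": "WEBSCAN-00-0000058", "name": "Insecure cookie flags", "risk": "Low"},
  {"name": "Finding exported without an identifier", "risk": "Info"}
]}""")


def index_findings(export):
    """Map vuln_id -> finding; collect entries whose id is missing or malformed."""
    by_id, rejected = {}, []
    for finding in export.get("findings", []):
        vuln_id = finding.get("vuln_id")
        if isinstance(vuln_id, str) and VULN_ID_RE.match(vuln_id):
            by_id[vuln_id] = finding
        else:
            rejected.append(finding)  # cannot be matched across scans
    return by_id, rejected


def diff_scans(baseline, current):
    """Compare two exports of the same target, keyed on vuln_id."""
    old, _ = index_findings(baseline)
    new, rejected = index_findings(current)
    shared = old.keys() & new.keys()
    return {
        "new": sorted(new.keys() - old.keys()),
        "missing": sorted(old.keys() - new.keys()),
        "risk_changed": sorted(v for v in shared if old[v].get("risk") != new[v].get("risk")),
        "unmatched": len(rejected),  # findings that need manual review
    }


if __name__ == "__main__":
    print(json.dumps(diff_scans(BASELINE, CURRENT), indent=2))
```

A non-zero "unmatched" count means some findings could not be keyed and should be reviewed by hand rather than silently dropped from the comparison.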
We have fixed a bug in the finding “Vulnerabilities found for server-side software” so that the CVSS score is set to the maximum of all vulnerabilities mentioned in the table (instead of ‘-1’). Furthermore, the CVE field is now populated with a comma-separated list of all CVEs from this finding (instead of ‘None’).
Now you can import targets from a file together with their descriptions. The target name and description must be comma-separated, like: “www.example.com, Production web server”
We have added a new method to connect to the internal network in order to make internal scanning much easier. You just need to download the VPN Agent virtual machine and run it inside the internal network. It initiates a VPN tunnel automatically from our scanning servers to your network.
Paying users can upgrade or downgrade their current plan directly from our platform (without interacting with FastSpring). Just pick the new plan and it will be modified instantly.
We have launched a dedicated support section on our website with multiple articles, product guides and answers to common questions.
We have added an introduction page to help customers easily get started with the platform.
Users have a new filtering method to display only the relevant findings in the Findings page. They can hide False Positives, Informational or Ignored findings, so that the Findings view is cleaner and easier to manage.
This bug fix allows custom logos to appear in the header of a docx report generated from the Findings page.
We have added advanced filters for the Attack Surface functionality in order to easily search for interesting ports, services or technologies.
Now you can download your invoices directly from the MyAccount page, without needing to go to FastSpring.
The attack surface view aggregates hosts, ports, services and technologies from all the targets in the current workspace in order to show a summary view of the possible attack entry points.
We have rewritten the authentication module which performs automatic login with username and password. We have added support for Single Page Applications and improved the authentication logic.
We have added a WYSIWYG editor for adding rich-text elements when creating a Manual Finding, such as: images, tables, hyperlinks, code, bold, italic, underline, etc. All these elements are properly converted to docx when you generate an editable pentest report.
Users can edit all the details of a finding produced by a tool/scanner by cloning it into a new manual finding. This new finding can be manually adjusted as needed (change name, description, risk level, etc).
Users can export scan results of any tool in JSON format. This allows easier data parsing and integration with external tools.
We are offering temporary free pentesting services for organizations affected by the COVID-19 virus.
Users can generate Jira issues directly from our Findings page.
We have added a new tool for detecting vulnerabilities in SSL/TLS servers, which deprecates existing tools (Heartbleed, ROBOT, POODLE, DROWN scanners). Those deprecated tools have been disabled.
We have added a new tool to detect the SMBGhost RCE vulnerability (CVE-2020-0796) in Windows 10, SMBv3.
We have added a new tool to detect the Ghostcat vulnerability (CVE-2020-1938) affecting Apache Tomcat servers.
Now the TCP and UDP Ports Scanners can be accessed programmatically via the API.
We have added a new API call – get_workspaces – which returns the list of workspaces of the current user. Furthermore, the start_scan function can be configured to start a scan in a designated workspace.
We have added a new tool to detect the Citrix RCE vulnerability CVE-2019-19781.
Users can now delete multiple scheduled scans at once.